diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index 6be1abc9..e3963ac2 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -48,7 +48,7 @@ jobs:
 docker-archive:${{ steps.artifact.outputs.base_artifact_name }} \
 docker-daemon:trivy/charmed-spark:test
 - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@master
+ uses: aquasecurity/trivy-action@0.28.0
 with:
 image-ref: 'trivy/charmed-spark:test'
 format: 'sarif'
@@ -63,7 +63,7 @@ jobs:
 ref: ${{ inputs.branch }}
 - name: Run Trivy in GitHub SBOM mode and submit results to Dependency Graph
- uses: aquasecurity/trivy-action@0.20.0
+ uses: aquasecurity/trivy-action@0.28.0
 with:
 scan-type: 'image'
 format: 'spdx-json'
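Review bot: `aquasecurity/trivy-action@0.28.0` on the first hunk's `uses:` line is still a tag reference, and a tag can be moved to different code by anyone with write access to the action's repository, so replacing `@master` narrows the exposure without making the reference immutable. Pin to the full commit SHA and keep the version as a trailing comment, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha-of-0.28.0>  # 0.28.0`; the same applies to the `uses:` line in the second hunk. That second step, going by its name, submits results to the Dependency Graph, so it presumably runs with a token that has write access; the job's `permissions:` block is outside both hunks and worth checking for least privilege. A dependency-update tool such as Dependabot or Renovate can keep SHA pins current so the pin does not go stale.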